One approach to self-securing Voice over Internet Protocol (VoIP) phone calls involves the users transmitting their public keys as ‘watermarks’ embedded in the VoIP voice streams. The system manipulates frequency bands of the users' voices to allow the receiving endpoint to decode the frequencies into a series of bits. In some instances, these bits constitute a hash of a public key. This hash may represent a hash of a previously-exchanged public key.
For example, User A and User B exchange their public keys in a fast channel. Note that the term ‘channel’ may just comprise a particular bandwidth on a physical channel. When User A calls User B, user A's transmitting endpoint manipulates the frequencies of User A's voice in such a manner that the manipulation does not degrade User A's voice signal to the point where User B would hang up, but allows the receiving endpoint at User B to decode a series of bits from the signal. In this example, the series of bits constitutes a hash of User A's public key. User B can use the hash to acquire a second instance of User A's public key, then compare the second instance to the first instance previously acquired and confirm that User A is really User A.
A vulnerability in this approach may arise because the transmission of the hash of the public key occurs in a ‘slow’ channel. The ‘slow’ channel may actually be the same physical channel as the fast channel, it is just utilized at a much lower bandwidth because of the nature of the imprinting process. Due to the slower transmission, it is possible that a man in the middle may generate a hash that collides with User A's hash, and then can use that to intrude into the conversation before the complete imprint has occurred. The longer the imprint takes to transmit, the longer an attacker can successfully attack a conversation until the attacker's presence is detected. The ability to use a faster authentication would shorten the window of attack, allowing faster identification of attacks.